Muhammad Hammad – Online Resume

Muhammad Hammad  Cybersecurity Undergraduate
Email
hammad968​@gmail.com Phone
+92 331 3194269 Location
Karachi, Pakistan LinkedIn
LinkedIn GitHub
GitHub TryHackMe
TryHackMe 

Objective

Hands-on cybersecurity undergraduate with practical experience in web application penetration testing, vulnerability assessment, and structured reporting through Black Byt3 internship and lab platforms like PortSwigger Academy and TryHackMe. Strong foundation in OWASP methodologies, Linux, and enumeration, with a detail-oriented and curiosity-driven approach focused on identifying and exploiting real-world security vulnerabilities.

Professional Experience

Offensive Security Intern (Fellowship Program), Black Byt3

Feb 2026 – May 2026 | Remote

•Conducted controlled penetration testing on scoped web applications, identifying vulnerabilities using manual and automated techniques with Burp Suite and OWASP ZAP

•Performed reconnaissance and attack surface analysis including subdomain enumeration, live host discovery, and OSINT-based asset mapping using external intelligence sources

•Developed structured penetration testing reports with CVSS-based severity rating, proof-of-concept exploitation, methodology, and remediation recommendations

Student Laboratory Assistant, FAST National University of Computer and Emerging Sciences

•Data Structures Lab (Aug 2025 – Dec 2025): Mentored students in algorithms and data structures, assisted in assignment evaluation, debugging, and code review for logical and efficiency issues

•OOP Lab (Jan 2025 – May 2025): Guided 50+ students in object-oriented programming concepts, evaluated assignments, and provided debugging and conceptual support

CTF Achievements

•Achieved 3rd position among 56 teams in Intra-FAST CTF at FAST-NUCES Karachi (Nov 2025).

•Achieved 8th position among 50 teams in PROCOM '26 CTF at FAST-NUCES Karachi (Feb 2026).

•Achieved 8th position among 58 teams in CyberSENTS CTF 2.0 at NED University of Engineering and Technology (Oct 2025).

•Ranked among the Top 15 in multiple university-level CTFs at FAST-NUCES Karachi during 2023-2024.

Cybersecurity Training & Ethical Hacking Experience

•Completed TryHackMe paths: Pre-Security, Cybersecurity 101, Web Fundamentals, and Junior Penetration Tester, with hands-on labs covering enumeration, exploitation, and privilege escalation

•Practiced web application security testing in PortSwigger Web Security Academy, focusing on exploitation of common web vulnerabilities including SQLi, XSS, and access control flaws

•Exploited vulnerable systems on VulnHub (e.g., Basic Pentesting, Mr Robot), applying structured attack cycles from recon → enumeration → exploitation

•Used Microsoft Threat Modeling Tool for DFD creation and basic STRIDE-based threat analysis in academic coursework

Skills

Security Operations & Analysis
•Splunk log analysis
•Wireshark traffic analysis
•Incident triage basics
Offensive & Assessment Skills
•Web Application Penetration Testing
•Vulnerability enumeration
•Nmap, Gobuster, Burp Suite, ZAP
Networking & Systems
•TCP/​IP, subnetting
•Linux (Bash)
•Cisco Packet Tracer

Education

Bachelor of Science in Cyber Security, FAST National University of Computer and Emerging Sciences, Karachi

2023 – Present

•Dean's List Honoree (Fall 2024, 3.83 SGPA)

•Current CGPA (3.23/​4.0)

•Expected Graduation: May 2027

Projects

Subdomain Enumeration Tool, Python, Shodan API, VirusTotal API, HTTP requests

2026

•Developed a reconnaissance tool for attack surface mapping using brute-force and API-based subdomain discovery

•Implemented live host validation and HTTP filtering to identify active subdomains

•Integrated Shodan and VirusTotal APIs for OSINT-based asset enrichment and exposure analysis

•Designed for external attack surface discovery to support reconnaissance phase of penetration testing engagements